Details
- Bug
- Status: Confirmed
- Major
- Resolution: Unresolved
- 10.11, 11.4, 11.8, 12.3, 12.3.2
- Linux x86_64, Docker container
Description
SELECT LOWER ( ( WITH RECURSIVE x ( x ) AS ( SELECT 1 EXCEPT SELECT GET_LOCK ( NULL , 0 ) ) SELECT x FROM ( SELECT 1 AS x UNION SELECT 2 ) AS x WHERE x IN ( SELECT format_bytes ( pow ( 2 , '%k' ) ) FROM x WHERE x IN ( SELECT * FROM ( WITH RECURSIVE x ( x ) AS ( WITH RECURSIVE x ( x ) AS ( SELECT 1 UNION SELECT x + 1 FROM x ) SELECT CURRENT_DATE ( ) FROM x GROUP BY x , x HAVING x = CASE WHEN ( SELECT ( 1 ) WHERE x IS NULL OR ST_LONGFROMGEOHASH ( ST_GEOHASH ( -180 , 0 , 20 ) ) GROUP BY 'x' ) - 1 THEN ( 1 ^ x ) ELSE CASE WHEN CASE WHEN extractvalue ( '<a>A<b>B1</b><b>B2</b></a>' , '/a/b[count(.)=1]' ) NOT IN ( SELECT * FROM ( SELECT 2 UNION SELECT 3 UNION SELECT 'LINESTRING(0 0,-0.00 0)' ) AS x GROUP BY x HAVING NOT NOT ( x ) ) THEN 1 ELSE 1 END THEN 1 WHEN 'x' LIKE 'x' THEN 1 END END ) SELECT x FROM x WHERE x IN ( SELECT x FROM ( WITH RECURSIVE x ( x ) AS ( SELECT 1 UNION SELECT x + 1 FROM x ) SELECT * FROM x WHERE x < 456 GROUP BY x HAVING x = ( SELECT x FROM x LIMIT 1 ) OR x IS NULL ) AS x ) GROUP BY ( x > 'o' ) , x % 2 ORDER BY 'test' , 'testtest' ) AS x ) ) ORDER BY x LIMIT 1 ) ) ;
Expected result
The server should either execute the query or return a normal SQL error without crashing.
Actual result
The fuzzing run observed a server crash. The deduplicated stack signature is:
stack:hp_rec_hashnr|hp_write_key|heap_write|_ZN7ha_heap9write_rowEPKh|_ZN7handler16ha_write_tmp_rowEPh|_ZL9end_writeP4JOINP13st_join_tableb|_ZL20evaluate_join_recordP4JOINP13st_join_tablei|_Z10sub_selectP4JOINP13st_join_tableb
Top frames:
- hp_rec_hashnr
- hp_write_key
- heap_write
- _ZN7ha_heap9write_rowEPKh
- _ZN7handler16ha_write_tmp_rowEPh
- _ZL9end_writeP4JOINP13st_join_tableb
- _ZL20evaluate_join_recordP4JOINP13st_join_tablei
- _Z10sub_selectP4JOINP13st_join_tableb
Issue Links
- relates to MDEV-32434 Segmentation fault at /mariadb-11.3.0/storage/heap/hp_hash.c:351 (Closed)